How to find out if linux pad or smartphone is sending screen-dumps to third parties
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: K/Ubuntu 18.04-14.04, Scientific Linux 6.3-6.4, Android-x86, Pretty much all distros at one point...
Posts: 1,802
Rep:
If you want to monitor traffic to/from a machine,... You are essentially going to have to "Man-in-the-middle" yourself on your network and do some packet inspection (more effective from a machine monitoring traffic to/from your router). If you wanted to inspect packets from the machine, and suspected foul play, you couldn't trust the machine enough to run, say... WireShark, on it and expect that you're catching all the traffic (although it'd have to be a pretty good hack job to renumber your packet IDs on the fly, well enough that you couldn't catch it).
I'm confused. Where does the linked site say that the intercepting device playing the role of the man in the middle can be mobile, in other words a second smartphone or pad? The operating systems mentioned in the site are desktop ones.
Maybe carrying a linux laptop with a 3G card and wifi is the only safe way to intercept or monitor smartphone wifi transmissions going to the internet. Maybe a netbook that takes a 3G card and BSD.
Beyond using WireShark, you might consider looking to see if your router is set to capture logs of the IP addresses it connects to. If you know your device's IP within the NAT (typically; 192.168.0.XXXX, where XXXX is the device's assigned IP), you can look to see what it connected to. Then do an IP look-up on those external addresses...
Distribution: K/Ubuntu 18.04-14.04, Scientific Linux 6.3-6.4, Android-x86, Pretty much all distros at one point...
Posts: 1,802
Rep:
I don't know of any mobile equivalent to WireShark. If you want to know what traffic is being sent, you are going to need to monitor it from somewhere. That means a PC set up to observe the traffic to/from the device you are using (and something like WireShark's "monitor" function). If you don't see anything that looks like what you fear is being sent,... then you can "safely" take off your tin foil hat...
Keep in mind that Mobile devices are going to transmit data/voice over their cell chipset, in addition to wifi/BT... And cell signals can be compromised in all sorts of ways (very insecure,... or, more appropriately; "Security through obscurity."). That's why Richard Stallman doesn't use a cell phone...
Bottom line is that unless all your traffic is being sent encrypted, then you can safely assume it's being intercepted by the NSA, et al. Even if it is being encrypted, they're still capturing it,... They just probably don't care enough about you to bother decrypting it.
Isn't it suspicious that the best understood architecture in the world is never or almost never used on smartphones?
The x86 instruction set is pretty horrible, it has all sorts of useless backward compat instructions that are hardly used, ASCII Adjust After Addition and a bunch of other BCD instructions, the old (80 bit!) floating point instructions, and variable length instruction encoding which makes disassembly much more difficult (of course it makes the decoding and executing more difficult as well).
x86 permits interleaving of code and static data within a section and
uses variable-length, unaligned instruction encodings. This trades
simplicity for brevity and speed, since more common instructions can
be assigned shorter encodings by architecture designers. An
unfortunate consequence, however, is that hidden instructions can be
concealed within x86 binaries by including jump instructions that
target the interior of another instruction's encoding, or that target
bytes that resemble data. This causes these bytes to be interpreted as
code at runtime, executing code that does not appear in the
disassembly. Malicious code is therefore much easier to conceal in x86
binaries than in other formats.
In case of spying features hidden in the chips, how about having two smartphones:
- one with the cellphone antenna ripped out and only wifi working, and
- the other set up as a gateway from wifi to GSM/3G and as a monitoring device (someone must have ported wireshark to android or ported similar monitoring software).
And instead of using the browser, use a VNC connection to your PC at home, over the internet, going through the monitoring smartphone.
Then spying chips in smartphone 1 sending traffic to third parties will be revealed by smartphone 2.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.